Fix: Add missing aria labels and roles to buttons, links, tables #11577

Merged

Conversation

littlesvensson
Contributor

Description

Fixes #11576

Visually there is no change, only some missing accessibility attributes added

@github-actions github-actions bot added the docker, settings_changes (Needs changes to settings.py based on changes in settings.dist.py included in this PR), apiv2, docs, unittests, ui, parser, and helm labels Jan 16, 2025

dryrunsecurity bot commented Jan 16, 2025

DryRun Security Summary

The pull request focuses on improving web accessibility across multiple Dojo application pages by adding ARIA attributes to buttons and dropdown menus to enhance screen reader compatibility and user experience.

Summary:

The code changes in this pull request focus on improving the accessibility and usability of various pages and features in the Dojo application. The changes primarily involve adding aria-label and aria-expanded attributes to buttons and dropdown menus, which enhances the user experience for individuals using screen readers or other assistive technologies.

From a security perspective, the changes do not introduce any obvious vulnerabilities. The code appears to follow secure coding practices, such as using Django's built-in template engine, implementing access control mechanisms, and avoiding direct rendering of user-supplied input. However, it is important to review the entire codebase and consider the broader security implications of the application, including input validation, authentication, authorization, error handling, and the use of third-party libraries and dependencies.

Files Changed:

  1. dojo/templates/dojo/action_history.html: The change updates the aria-label attribute of the "Filters" button, providing a more descriptive label for screen readers.
  2. dojo/templates/dojo/benchmark.html: The changes improve the accessibility of the "Filters" and "View" dropdown buttons by adding aria-label and aria-expanded attributes.
  3. dojo/templates/dojo/dev_env.html: The changes enhance the accessibility of the "Filters" and "Environment actions" buttons by adding aria-label and aria-expanded attributes.
  4. dojo/templates/dojo/components.html: The change adds an aria-label attribute to the "Filters" button, improving accessibility.
  5. dojo/templates/dojo/endpoints.html: The changes focus on improving the accessibility of various buttons and dropdown menus, including the "Filters" button and the "Endpoint actions" dropdown.
  6. dojo/templates/dojo/engineer_metrics.html: The change adds an aria-label attribute to the "Filters" button, enhancing accessibility.
  7. dojo/templates/dojo/engagements_all.html: The changes improve the accessibility of the "Filters" button and the dropdown menu items.
  8. dojo/templates/dojo/engagement.html: The changes enhance the accessibility of the "Filters" button and the dropdown menus.
  9. dojo/templates/dojo/jira.html: The change adds an aria-label attribute to the "Jira configuration options" dropdown button, improving accessibility.
  10. dojo/templates/dojo/github.html: The changes update the aria-expanded attribute of the dropdown button, ensuring proper accessibility.
  11. dojo/templates/dojo/groups.html: The changes add aria-label and aria-expanded attributes to the "Filters" button and the "Groups options" dropdown, improving accessibility.
  12. dojo/templates/dojo/findings_list_snippet.html: The changes focus on improving the accessibility of the bulk actions and dropdown menus.
  13. dojo/templates/dojo/metrics.html: The changes add aria-label attributes to the "Filters" and "View" buttons, enhancing accessibility.
  14. dojo/templates/dojo/product_components.html: The change adds an aria-label attribute to the "Filters" button, improving accessibility.
  15. dojo/templates/dojo/note_type.html: The changes enhance the accessibility of the "Filters" and "Note type options" buttons by adding aria-label and aria-expanded attributes.
  16. dojo/templates/dojo/product.html: The changes improve the accessibility of various buttons and dropdown menus.
  17. dojo/templates/dojo/regulations_config.html: The change updates the aria-expanded attribute of the dropdown button, ensuring proper accessibility.
  18. dojo/templates/dojo/product_metrics.html: The change adds an aria-label attribute to the "Filters" button, improving accessibility.
  19. dojo/templates/dojo/product_type.html: The changes enhance the accessibility of the dropdown menus by adding aria-label, aria-expanded, aria-labelledby, and role="menuitem" attributes.
  20. dojo/templates/dojo/regulations.html: The change adds an aria-label attribute to the "Regulation options" dropdown button, improving accessibility.
  21. dojo/templates/dojo/request_report.html:

Code Analysis

We ran 9 analyzers against 30 files and 2 analyzers had findings. 7 analyzers had no findings.

Analyzer Findings
Configured Codepaths Analyzer 39 findings
Authn/Authz Analyzer 1 finding

Overall Riskiness

🔴 Risk threshold exceeded.

We've notified @mtesauro, @grendel513.

View PR in the DryRun Dashboard.

@littlesvensson littlesvensson force-pushed the buttons-and-links-accessibility branch from bc24ed4 to 59d7c93 Compare January 16, 2025 12:48
@github-actions github-actions bot removed the docker, settings_changes (Needs changes to settings.py based on changes in settings.dist.py included in this PR), apiv2, docs, unittests, parser, and helm labels Jan 16, 2025
@kiblik kiblik requested a review from Maffooch January 16, 2025 16:59
@kiblik kiblik requested a review from mtesauro January 16, 2025 17:02
Contributor

@mtesauro mtesauro left a comment

Approved

@mtesauro
Contributor

@littlesvensson Thanks for this PR.

We've had accessibility lint running for years but I don't know much more than what it notices so thanks for sharing your knowledge on the right thing to do for screen readers. It's MUCH appreciated. 🎉

@Maffooch Maffooch merged commit b19518f into DefectDojo:bugfix Jan 23, 2025
72 of 73 checks passed